Skip to main content
Open Search
Get in Touch
Search for topics or resources
Enter your search below and hit enter or click the search icon.
Close Search
Get in Touch
Re_smartShift_Mosaic Triangle Background

Privacy Policy

With the following information, we would like to give you, as a visitor to our website, an overview of how your personal data is processed by us and of your rights under data protection law. Which data is processed in detail and in which way it is used depends largely on the services agreed upon. Therefore not all parts of this information will apply to you.

To manage your data preferences or submit a privacy request at any time, please visit the Your Privacy Choices page.

1. Controller and Contact Details of the Data Protection Officer

Responsible for the processing is
smartShift Technologies
Augustaanlage 59
68165 Mannheim
connect@smartShifttech.com

(hereinafter referred to as the “Company“)

You can reach our data protection officer at
smartShift Technologies
– Data protection officer –
Augustaanlage 59
68165 Mannheim
datenschutzbeauftragter@smartShift.com

2. Information on the Processing of Personal Data

2.1. Data Categories

In the context of the use of our websites, applications or online tools (hereinafter collectively referred to as “online offer”) we process the following personal data:

  • Personal data that you yourself enter voluntarily as part of an online offer (such as when registering, requests for contact, as part of requesting an offer, etc.), such as first and last name, e-mail address, telephone number, information provided when contacting us, or details of the planned project
  • HTTP data is protocol data that is generated when the website is called up via the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons: This includes IP address, type and version of your Internet browser, operating system used, the page called up, the page previously visited (referrer URL), date and time of the call. HTTP(S) data also accumulates on servers of service providers (e.g. when third-party content is called up).
  • Search function data is data that you enter into the search functions of our website: This includes all information that you enter as search terms in the respective search form on the website
  • Cookie setting data is used to manage your cookie settings. This includes your consent, your objections (opt-out) and, if applicable, your individual selection for the use of cookies on your end device
  • Error data are error messages from the server and individual applications that are stored.

2.2. Purposes and Legal Basis of Data Processing

We process your personal data only where we have a lawful basis to do so under the GDPR. The lawful bases we rely upon are:

  • Consent (Art. 6(1)(a) GDPR): Where you have given us clear, affirmative consent to process your data for a specific purpose, such as receiving marketing communications or activating non-essential cookies. You may withdraw your consent at any time with effect for the future. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. To withdraw consent, please visit the Your Privacy Choices page, email us at connect@smartShifttech.com, or click the unsubscribe link in any marketing email.
  • Contract (Art. 6(1)(b) GDPR): Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract.
  • Legal obligation (Art. 6(1)(c) GDPR): Where processing is necessary for compliance with a legal obligation to which smartShift is subject.
  • Legitimate interests (Art. 6(1)(f) GDPR): Where processing is necessary for the purposes of our legitimate interests or those of a third party, provided those interests are not overridden by your interests, rights, or freedoms. Where we rely on this basis, our legitimate interest is described in the relevant section below. You have the right to object to this processing at any time — see Section 8 for how to do so.

We do not use consent and legitimate interest interchangeably for the same activity. Where marketing communications are sent to existing contacts based on a prior business relationship, we rely on legitimate interest and will always provide a clear and simple opt-out. Where marketing communications are sent to individuals who have no prior relationship with us, we will only do so on the basis of freely given, specific, and documented consent. 

2.2.1.  Technical Administration of the Website

When using the website, the browser used on your terminal device sends certain information to the server of our website (including HTTP data, search function data, cookie setting data and error data). This data is stored and processed on our server.

The data processing serves to prevent and detect fraudulent or similar actions, including attacks on our IT infrastructure, and to enable user authentication. At the same time, the processing serves to provide you with the contents of the website you have accessed, to correct errors, to enable and simplify searches on the website, and to manage cookies.

The legal basis for this data processing is our legitimate interest, Art. 6(1)(f) GDPR. Without disclosure of these personal data, such as the IP address, the use of the website is not possible. Communication via the website without providing data is not technically possible.

2.2.2.  Services and Marketing Communications

We process personal data to enable you to make use of the services and functions of our online offers, to process inquiries, and to fulfil our contractual obligations. The legal basis for this processing is the initiation or fulfilment of contractual relationships (Art. 6(1)(b) GDPR).

Marketing communications: We may also use your contact details to send you information about our services, industry insights, events, and other content that we believe may be of interest to you. We do this either on the basis of your prior consent (Art. 6(1)(a) GDPR), or on the basis of our legitimate interest in promoting our services to existing contacts and prospects who have engaged with us (Art. 6(1)(f) GDPR). Our legitimate interest in doing so is balanced against your right to privacy; we only contact individuals where there is a reasonable expectation of relevance and we always provide a clear and easy means to opt out.

You have the right to object to marketing communications at any time, without giving reasons, and we will stop processing your data for that purpose immediately. To opt out, you can: click the unsubscribe link in any marketing email, email us at connect@smartShifttech.com, or submit a request via the Your Privacy Choices page.

Data sourced from third parties: In some cases, we may receive your contact information from third-party data providers, including ZoomInfo (see Section 2.3.3). Where we have obtained your data from a third-party source, we will identify that source if you submit a Subject Access Request under Art. 15 GDPR.

2.3. Cookies

Within the framework of our online offer, we also use so-called cookies. Cookies are small text files that are stored by your browser on your terminal device when you visit our website. Cookies contain information that is related to the context of use and your terminal device. When you call up the website again with the same terminal device, the information stored in cookies can be read out and processed.

Depending on the type of cookie, the use of cookies is possible without consent or requires consent. Technically necessary cookies enable core website functionality and do not require your consent. The legal basis for processing in these cases is our legitimate interest (Art. 6(1)(f) GDPR).

We also use statistical (analytics) cookies and marketing cookies, which are only activated if you provide your consent via our cookie banner when you first visit our website. You may withdraw or update your cookie consent at any time by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality of parts of this website.

You may opt out of receiving marketing emails at any time by clicking the unsubscribe link included in our emails or by visiting the Your Privacy Choices page. Opting out of marketing emails will not affect transactional or service-related communications.

Overview of the cookies used on this website:

Provider Purpose Type Storage Period
Google Tag Manager Control the placement of cookies on our website and ensure the security of the application Technically necessary Until no longer required for the purposes of processing
Google Analytics Analytics Investigation of the user behaviour of our website in pseudonymised form to increase the efficiency of our use of resources for our website and to optimise our website Statistics 14 months
Hubspot Analytics Investigation of the user behaviour of our website in pseudonymised form to increase the efficiency of our use of resources for our website and to optimise our website Analytics cookies Different cookies are expiring in different time frames with max holding period being 13 months.
ZoomInfo Statistics cookies are placed to optimize the website experience for our users. With these statistics cookies we get insights in the usage of our website. Analytics of the user behaviour of our website in an identifiable form that aim to optimise our website and the workflows. Analytics & Statistics Until no longer required for the purposes of the processing.

2.3.1.  Google Analytics

This website uses functions of the web analysis service “Google Analytics”. The provider is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics also uses so-called cookies. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

The storage of Google Analytics cookies is based on Art. 6 para. 1 letter a GDPR. We obtain the necessary consent from our users immediately after calling up our website.

IP anonymisation

We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within the states of the European Union or other signatory states to the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. The IP address transmitted by your browser within the framework of Google Analytics is not combined with other data from Google.

Browser plug-in

You can also prevent the storage of cookies by adjusting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://support.google.com/analytics/answer/181881?hl=en.

General objection to data collection

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will then be set to prevent the collection of your information on future visits to this website: Disable Google Analytics.

You can find more information on how Google Analytics handles user data in the Google privacy policy under the following link: https://support.google.com/analytics/answer/6004245?hl=en.

2.3.2. Hubspot

Hubspot uses the following cookies that are set on the smartShift website for tracking user interaction with the website elements and analytics

Cookie Type Cookie Name
Necessary Cookies __cfduid
Necessary Cookies __cfruid
Analytics Cookies __hstc
Analytics Cookies hubspotutk
Analytics Cookies __hssc
Analytics Cookies __hssrc

You can find information about the Hubspot cookies under the following link: https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser

2.3.3. ZoomInfo

smartShift uses ZoomInfo, a business intelligence and data enrichment platform operated by ZoomInfo Technologies LLC. ZoomInfo's technology may be used to identify visitors to our website and enrich contact records with professional information such as name, job title, company, and email address. This data may be used to support our sales and marketing activities, including follow-up outreach.

Unlike purely statistical cookies, ZoomInfo may process data in an identifiable form. If you have a ZoomInfo profile, information about your visit to our website may be associated with your identity. The lawful basis for this processing is our legitimate interest in identifying potential business contacts and tailoring our outreach accordingly (Art. 6(1)(f) GDPR). You have the right to object to this processing at any time — see Section 8.

If your data has been sourced from ZoomInfo and you submit a Subject Access Request, we will confirm this as the source. For more information about ZoomInfo's own data practices and to exercise your rights with ZoomInfo directly, please visit: https://www.zoominfo.com/legal/privacy-policy.

2.4. Contact

On our website, there are contact forms which can be used for electronic contact. If a user takes advantage of these possibilities, the data entered in the form will be transmitted to us and stored. The processing of this personal data serves to process the contact and to prevent misuse of the contact form. The legal basis for the processing of data transmitted in the course of contacting us is Art. 6(1)(f) GDPR (legitimate interest). If the purpose of the contact is to conclude a contract, Art. 6(1)(b) GDPR is a further legal basis.

If the legal basis for processing is our legitimate interest, you have the right to object to the processing of your personal data at any time. In such a case, however, the correspondence cannot be continued.

To request deletion of your data, please email connect@smartShifttech.com or submit a request via the Your Privacy Choices page. All personal data stored in the course of the contact will be deleted once it is no longer required for the purpose of its collection, which is when the respective correspondence is finished. Data will not be passed on to third parties outside the company and will be used exclusively for the processing of correspondence.

3. Social Media

We use references (“links”) to the social networks Facebook, LinkedIn, YouTube and Twitter on our website on the basis of Art. 6 para. 1 sentence 1 letter f GDPR to draw attention to our services and products and to contact you as a visitor and user of these social media sites and our website.

You can recognize the links by the logo of the respective social network. By clicking on the logo, a direct connection is established between your browser and the server of the respective service and you are redirected to the website of the service provider. These are not so-called social plug-ins, which establish a connection and data transfer to the respective social network as soon as you call up our website.

We point out that you use the following services and their functions at your own responsibility. We have no influence on the type and scope of processing. Furthermore, please note that when calling the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. In detail, these are the following third-party providers:

3.1. YouTube

This website uses the YouTube video platform, which is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter “YouTube”). YouTube is a platform that enables the uploading and playback of video files. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

When you access a page from our site, the embedded YouTube player connects to YouTube’s servers to transmit and play video and audio files. In the process, data is also transferred to YouTube as the person responsible. We are not responsible for the processing of this data by YouTube.

For more information about the scope and purpose of the data collected, the further processing and use of the data by YouTube, your rights and the data protection options you can choose, please see the YouTube privacy policy.

3.2. Facebook

This online offer also links to the services of the company “Facebook” (hereinafter “Facebook”). The operating company of Facebook is Facebook, Inc. 1 Hacker Way, Menlo Park, CA 94025, USA. Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is responsible for processing personal data if a data subject lives outside the USA or Canada.

When you visit our Facebook fan page, Facebook records in particular your IP address and, if applicable, other information that is available on your PC in the form of cookies. This information is used to provide us, as the owner of the Facebook Fan Page, with statistical information about the usage of the Facebook Page.

The data collected about you in this context will be processed by Facebook and may be transferred to countries outside the European Union. We would like to point out that Facebook is responsible for the corresponding transmission and subsequent processing procedures under data protection law. Which concrete data Facebook receives and how this is used is described in general terms in the Facebook data protection guidelines. Further information on this can be found in the Facebook privacy policy.

3.3. LinkedIn

This website also links to our presence on the social platform LinkedIn, which serves to initiate and establish professional contacts. LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

The data collected about you in this context is processed by LinkedIn and may be transferred to countries outside the European Union. We would like to point out that LinkedIn is responsible for the corresponding transmission and subsequent processing operations in accordance with data protection law. What specific data LinkedIn receives and how it is used is described in general terms in the LinkedIn privacy policy.

3.4. X

We link on our website to our X Inc. short message service subpage, 1355 Market Street, Suite 900, San Francisco, CA 94103 USA. Responsible for data processing of persons living outside the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.

By using X your personal information will be collected, transferred, stored, disclosed and used by X Inc. regardless of your residence in the United States, Ireland and any other country in which X Inc. conducts business, and will be transferred, stored and used by X Inc. Firstly, X processes all information you voluntarily enter, such as your name and user ID, email address, phone number and the contacts in your address book when you upload or synchronize it. Furthermore, X also evaluates the content you share to determine what topics you are interested in and may store and process confidential messages.

For information on what data is processed by X and for what purposes, please see the X privacy policy.

4. Recipients and Recipient Categories

Within our company, access to your data is granted to those entities that need it to fulfil their contractual and legal obligations. Service providers and vicarious agents employed by us may also receive data for these purposes, provided they maintain confidentiality and integrity in particular. These are companies in the categories of IT services, logistics, printing services, telecommunications, debt collection, consulting, and sales and marketing.

With regard to the transfer of data to recipients outside our company, it should first be noted that we only pass on necessary personal data in compliance with the applicable data protection regulations. We may only pass on information about you if required by law, if you have given your consent or if we are authorised to provide information. Under these conditions, recipients of personal data may be:

  • Public bodies and institutions (e.g. tax authorities, criminal prosecution authorities, family courts, land registry offices) if there is a legal or official obligation,
  • Credit and financial service institutions or comparable institutions to which we transfer personal data in the course of the business relationship (e.g. banks, credit agencies),
  • Creditors or insolvency administrators who make inquiries in the context of a foreclosure,
  • Certified public accountant,
  • Service providers that we call upon within the framework of contract processing relationships,
  • Sales representative of the company

5. Transfer to Third Countries

Data is transferred to bodies in countries outside the European Union (so-called third countries) if

  • it is necessary for the execution of your orders (e.g. delivery orders)
  • it is required by law (e.g. reporting obligations under tax law) or
  • you have given us your consent.

Furthermore, a transfer to bodies in third countries cannot be excluded in the following cases:

  • to maintain and ensure the IT operation and IT security of the company and
  • on combating money laundering, terrorist financing and other criminal activities.

The use of our social media and map services may result in data transmissions and subsequent processing of usage data in the USA. The legal basis for any processing activities is your explicitly declared consent, which you have given via the cookie banner. Your consent justifies such data processing exceptionally on a case-by-case basis in accordance with Art. 49 para. 1 lit. a GDPR. Please note that the level of data protection in the USA is not comparable to that in the EU and EEA. In particular, it is possible that state authorities may access your personal data on the basis of legal authorizations without us or you being informed. There are no comparable possibilities for our own legal enforcement in the USA, so that this does not seem promising.

Any data transmissions take place exclusively automatically in connection with the use of our social media offerings and Google’s map services and with the help of cookies. Further details can be found in the “Cookies” and “Social Media” sections of this privacy policy.

6. Storage Duration

We process and store your personal data only for as long as it is necessary for the fulfilment of our contractual obligations, the exercise of our rights, or compliance with legal obligations.

If data is no longer required for contractual or legal purposes, it is regularly deleted, unless temporary further processing is required for the following purposes:

Fulfilment of commercial and tax law retention obligations under the German Commercial Code (HGB), the German Fiscal Code (AO), and the Money Laundering Act (GwG). The retention periods specified there are generally two to ten years.

Preservation of evidence within the framework of statutory limitation periods. Under §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, with the regular limitation period being three years.

Marketing and CRM data: Personal data held in our CRM system (HubSpot) for marketing purposes is reviewed periodically. Contacts who have not engaged with our communications and with whom we have no active business relationship will be suppressed or deleted after a period of 3 years. If you have opted out of marketing, your opt-out record is retained indefinitely to ensure we do not inadvertently contact you again.

7. Data Security

Our employees and the service companies commissioned by us are obliged to maintain secrecy and comply with the provisions of the applicable data protection laws. The company takes appropriate technical and organizational security measures to protect your personal data from loss, alteration, destruction and access by unauthorized persons or unauthorized disclosure. Our security measures are constantly improved in line with technological developments.

8. Rights of Data Subjects

Under EU GDPR and UK GDPR, every data subject has the following rights. You can exercise any of these rights by visiting the Your Privacy Choices page, emailing our Data Protection Officer at datenschutzbeauftragter@smartShift.com, or writing to us at the address in Section 1. We will respond to all requests within one calendar month of receipt, as required by Art. 12 GDPR. In complex cases we may extend this by a further two months and will notify you if we do so.

Right of access (Art. 15 GDPR): You have the right to receive confirmation of whether we process your personal data and, if so, to receive a copy of that data along with information about how it is processed, where it came from, who it has been shared with, and how long it will be retained.

Right to rectification (Art. 16 GDPR): You have the right to request that we correct inaccurate personal data or complete incomplete data without undue delay.

Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent and no other lawful basis applies, where you have objected to processing and there are no overriding legitimate grounds, or where the data has been unlawfully processed. Please note that restrictions may apply under Sec. 35 German Data Protection Act (BDSG).

Right to restrict processing (Art. 18 GDPR): You have the right to request that we restrict the processing of your data in certain circumstances, for example while we verify the accuracy of data you have disputed.

Right to data portability (Art. 20 GDPR): Where processing is based on your consent or a contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.

Right to object (Art. 21 GDPR): You have the right to object at any time to the processing of your personal data where that processing is based on our legitimate interests (Art. 6(1)(f) GDPR). We will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless the processing is necessary for the establishment, exercise, or defence of legal claims.

Right to object to direct marketing (Art. 21(3) GDPR): Where your personal data is processed for direct marketing purposes, you have the right to object at any time. This right is absolute — upon receiving your objection we will cease processing your data for marketing purposes immediately and without requiring justification.

Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of any processing carried out prior to withdrawal.

Right not to be subject to automated decision-making (Art. 22 GDPR): You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making of this nature.

Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a competent supervisory authority. The lead authority for smartShift's EU operations is the Landesbeauftragte für Datenschutz und Informationsfreiheit Baden-Württemberg (LfDI) (www.baden-wuerttemberg.datenschutz.de). UK residents may also lodge a complaint with the Information Commissioner's Office (ICO) (www.ico.org.uk).

Please note that the restrictions pursuant to Sec. 34 and 35 German Data Protection Act (BDSG) apply in the case of the rights of access and erasure.

9. Information Security & Certifications

smartShift maintains a comprehensive information security program designed to protect customer and personal data.

smartShift Technologies India Private Limited (Bengaluru, India) is the legal entity certified under ISO/IEC 27001:2022 for its Information Security Management System (ISMS).

While this website may reference smartShift and its parent or affiliated entities, ISO/IEC 27001:2022 certification applies specifically to the Bengaluru, India operating entity as defined above.

10. Obligation to Provide Data

Within the scope of our business relationship, you must provide us with those personal contractual data which are necessary for the commencement, execution and termination of a business relationship and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will generally not be able to conclude, execute and terminate a contract with you.

The same applies to visiting our online offer and the collection of usage data. Without the collection of usage data, we and our service providers will not be able to provide you with our online offer.

11. Profiling

We do not automatically process your personal data in such a way that it has legal effect on you or in a similar way that it significantly affects you.

12. UK GDPR

This privacy policy applies to data subjects located in the European Union and in the United Kingdom. For UK residents, the processing of your personal data is governed by the UK GDPR as retained in UK law by the Data Protection Act 2018 (DPA 2018), and is overseen by the Information Commissioner's Office (ICO).

Your rights under UK GDPR are equivalent to those described in Section 8 of this policy. To lodge a complaint with the ICO, visit www.ico.org.uk or call 0303 123 1113.

12. Topicality

This privacy policy is currently valid and has the status of January 2026.